Ransomware Roundup: 02.25.22

Written by Halcyon Team
Published on February 25, 2022

It comes as no surprise that we’re seeing ransomware attacks against Ukraine this week, and while attribution is usually a fool’s errand, it’s not a stretch to assume these attacks help one very specific actor.

The use of ransomware as a cover for HermeticWiper has been noted by several firms, most notably Symantec, ESET, and SentinelOne, who have provided excellent write-ups on the samples. The malware leverages drivers for a popular disk management application, uses seemingly legitimate code-signing certificates, and was compiled several months before the current crisis in Ukraine - take what you will from that last fact. Reports indicate that several sectors were targeted, including financial, defense, aviation, and IT services, and that ransomware was used as a cover story, with the real intent being to destroy data.

Politico reports that the Conti team has vowed to support the Russian government and would use “all possible resources to strike back at the critical infrastructure of an enemy”. The group behind the ever-popular Conti ransomware is best known for hitting hospitals around the world last year.

NBC and others report that President Joe Biden was presented with cyberattack options to disrupt Russian military operations in Ukraine, including cyber effects that impact power, transport, and resupply logistics. In response to additional Russian sanctions, the White House, via DHS, has started to warn businesses about the possibility of ransomware attacks as retaliation, with CISA issuing a "shields up" alert.

Big Mac fans will be dismayed by a report that the Snatch gang hit McDonald's and is holding ~500GB of corporate data for ransom.

It will not be an easy weekend for SOC teams and IT departments; please send your security colleagues plenty of caffeine-infused beverages.
